Hello everyone. I guess I should start by saying I'm not 100% certain this is in the correct forum, so if a Mod. needs to move it please do so...and thanks.

I've been a silent watcher of this site for a few months or so now, but finally broke down and decided I just had to ask a question;

I was looking the black hat 2006 page, and was really interested in the "Cadet Training / hacking by numbers" and the "exploiting 101" courses. Problem is, it's not looking like my boss is willing to send me, and I can't scrape together the $3000 to get myself there (short of taking out a second mortgage against my house...which I'd rather not do).

Was wondering if anyone had run across a similar course or book...something like basic programming (and compiling), some sample scripts, ect. I found the book "Hacking: The Art of Exploitation" on a local book sellers webpage (covers more of the logic behind the exploits), and I thought this would be a perfect introduction to the field...if only I had the basic skills in regards to programming (specifically the compiling portion).

Does anyone know of a good resource for me? I'm not really wanting to learn a full language if I can avoid it for the time being.

I think this is a tough one for members to answer. It seems as though you are interested in programming but don't want to learn to program. Sounds like a quandry. Don't get me wrong, there are plenty of security professionals and pen testers out there that don't. On a side note, that is probably the number one reason to hire a Red Team (a group of pen testers with each having an expertise in a particluar area) instead of trying to find the 1 guy to do it all and do it well.

But I'll give it a go...

For basic programming if you've never coded, try Faster Smarter Beginning Programming. It is for Visual Basic .NET and was written in 2003. It assumes you have no programming experience whatsoever, but that you also are a tech who can grasp the concepts. It's a quick read and although it won't make you a hot shot coder, it will give you a foundation of understanding.

I have a little (really...a little) programming knowledge. I took a visual basic class a while back, but the instructor barely spoke english, and I was NOT going to pay $1000's of dollers per course to teach myself. Maybe I do need to break down and learn a language.

Is it justifiable...maybe that's not the right word...maybe I should say "industry acceptable"... to not start with the programming side of this? Like I said, I have a very basic understanding of programming logic, but no so much with the actual coding side.

Either way, I will certainly check out both those books. Both sound like a step in the right direction.

Don't forget you have to have a certain kind of mind to be a programmer. I'm the world's worst programmer, so I don't even try.I did a course in Visual Basic 3.0 at my local community college back in the late 80's, when I was working on my Associate's degree. The teacher was good, and fair. It was just me. You have to be able to think logically.

Think for a second: Can you see yourself as from the planet Vulcan? Mr. Spock from Star Trek would probably be the world's BEST programmer, as he thinks logically. You could write a program with thousands of lines of code, but if you make a mistake in your logic, could you find it? Finding a logic error is a tremendously hard task, IMHO, as it doesn't show up as an error to the operating system. But it will cause your output to be wrong.Not trying to scare you off, but some people are programmers, and some are not. Not everybody can program.

Why don't you try a programming course at your local community college? Then you can see if it's right for you. Community colleges are meant to be affordable.

Last edited by oyle on Thu May 18, 2006 4:45 pm, edited 1 time in total.

MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH --------------------"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

You can always try stuff for free to see if it is your bag. If you think java is your direction, try some of the free programming tools that come with Linux distros such as Fedora Core 5:

This release of Fedora Core represents another big step down the free Java path. Through the introduction of the completely free software stack java-gcj-compat that runs native and bytecode Java, Fedora can now compile and run software written in Java without relying upon proprietary and closed Java machine implementations.

The excellent Fedora Java development team of Red Hat and community hackers have built many popular Java-based or Java-using packages utilizing java-gcj-compat for this release. These packages, which include OpenOffice.org, Eclipse, Apache Tomcat, and Jakarta, are now compiled and run on a 100% free and open software stack.

We included a complete set of packages and development goodies in Fedora Core 5 for Java technologies. Fedora Extras also has many Java applications: the popular BitTorrent utility Azureus, RSSowl, and others, all powered by gcj-java-compat.

To be a pen-tester you don't need to be an expert programmer. But at least I think you should be able to understand the overall purpose of a program when looking at the source code.

Furthermore you should be able to do some scripting (not matter what language, it depends on your prefered platform: if you're a windows guy try Visual Basic Script, on Linux Shell scripting and to be used on both perhaps Perl)

Without having at minimum some basic programming skills it would be a hard job to do successful pen-testing...

All those comments certainly help clear some things up. I think maybe scripting might be the way to start, and move more into it if it suits me. My main concern has always been knowing why things work, not just accepting that they do.

I'm also a newbie to programming and scripting. I was talking to the developers at work about which language to learn, and they unanimously said I should learn Perl. I asked whether I should study something else first, like C or Java or Python and they said no. They particularly said I should read the book Teach Yourself Perl in 21 Days.

Last edited by Negrita on Tue May 23, 2006 5:40 pm, edited 1 time in total.

CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.